Distributed caching system with subscription based notification
of cache invalidations

ABSTRACT

Described herein are systems, devices, and methods for content delivery on the Internet. In certain non-limiting embodiments, a caching model is provided that can support caching for indefinite time periods, potentially with infinite or relatively long time-to-live values, yet provide prompt updates when the underlying origin content changes. In one approach, an origin server can annotate its responses to content requests with tokens, e.g., placing them in an appended HTTP header or otherwise. The tokens can drive the process of caching, and can be used as handles for later invalidating the responses within caching proxy servers delivering the content. Tokens may be used to represent a variety of kinds of dependencies expressed in the response, including without limitation data, data ranges, or logic that was a basis for the construction of the response.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.14/046,884, filed Oct. 4, 2013, the teachings of which are herebyincorporated by reference in their entirety.

BACKGROUND OF THE INVENTION

Technical Field

This disclosure generally relates to distributed data processing systemsand to the delivery of content to users over computer networks, and moreparticularly to techniques for caching content to accelerate contentdelivery over computer networks.

Brief Description of the Related Art

Distributed computer systems are known in the prior art. One suchdistributed computer system is a “content delivery network” or “CDN”that is operated and managed by a service provider. The service providertypically provides the content delivery service on behalf of thirdparties. A “distributed system” of this type typically refers to acollection of autonomous computers linked by a network or networks,together with the software, systems, protocols and techniques designedto facilitate various services, such as content delivery or the supportof outsourced site infrastructure. This infrastructure is typicallyshared by multiple tenants, the content providers. The infrastructure isgenerally used for the storage, caching, or transmission of content—suchas web pages, streaming media and applications—on behalf of such contentproviders or other tenants. The platform may also provide ancillarytechnologies used therewith including, without limitation, DNS queryhandling, provisioning, data monitoring and reporting, contenttargeting, personalization, and business intelligence.

In a known system such as that shown in FIG. 1, a distributed computersystem 100 is configured as a content delivery network (CDN) and has aset of machines 102 distributed around the Internet. Typically, most ofthe machines are servers located near the edge of the Internet, i.e., ator adjacent end user access networks. A network operations commandcenter (NOCC) 104 may be used to administer and manage operations of thevarious machines in the system. Third party sites affiliated withcontent providers, such as web site 106, offload delivery of content(e.g., HTML or other markup language files, embedded page objects,streaming media, software downloads, and the like) to the distributedcomputer system 100 and, in particular, to the CDN servers (which aresometimes referred to as “edge” servers). Such servers may be groupedtogether into a point of presence (POP) 107 at a particular geographiclocation.

The CDN servers are typically located at nodes that arepublicly-routable on the Internet, within or adjacent nodes that arelocated in mobile networks, in or adjacent enterprise-based privatenetworks, or in a combination thereof.

Typically, content providers offload their content delivery by aliasing(e.g., by a DNS CNAME) given content provider domains or sub-domains todomains that are managed by the service provider's authoritative domainname service. The server provider's domain name service directs end userclient machines 122 that desire content to the distributed computersystem (or more particularly, to one of the CDN serves in the platform)to obtain the content more reliably and efficiently. The CDN serversrespond to the client requests, for example by fetching requestedcontent from a local cache, from another CDN server, from the originserver 106 associated with the content provider, or other source.

For cacheable content, CDN servers typically employ a caching model thatrelies on setting a time-to-live (TTL) for each cacheable object. Afterit is fetched, the object may be stored locally at a given CDN serveruntil the TTL expires, at which time the object is typicallyre-validated or re-fetched from the origin server 106. For non-cacheableobjects (sometimes referred to as ‘dynamic’ content), the CDN servertypically must return to the origin server 106 each time when the objectis requested by a client. The CDN may operate a server cache hierarchyto provide intermediate caching of customer content in various CDNservers closer to the CDN server handling a client request than theorigin server 106; one such cache hierarchy subsystem is described inU.S. Pat. No. 7,376,716, the disclosure of which is incorporated hereinby reference.

Although not shown in detail in FIG. 1, the distributed computer systemmay also include other infrastructure, such as a distributed datacollection system 108 that collects usage and other data from the CDNservers, aggregates that data across a region or set of regions, andpasses that data to other back-end systems 110, 112, 114 and 116 tofacilitate monitoring, logging, alerts, billing, management and otheroperational and administrative functions. Distributed network agents 118monitor the network as well as the server loads and provide network,traffic and load data to a DNS query handling mechanism 115. Adistributed data transport mechanism 120 may be used to distributecontrol information (e.g., metadata to manage content, to facilitateload balancing, and the like) to the CDN servers. The CDN may include anetwork storage subsystem (sometimes referred to herein as “NetStorage”)which may be located in a network datacenter accessible to the CDNservers and which may act as a source of content, such as described inU.S. Pat. No. 7,472,178, the disclosure of which is incorporated hereinby reference.

As illustrated in FIG. 2, a given machine 200 in the CDN comprisescommodity hardware (e.g., a microprocessor) 202 running an operatingsystem kernel (such as Linux or variant) 204 that supports one or moreapplications 206. To facilitate content delivery services, for example,given machines typically run a set of applications, such as an(hypertext transfer protocol) HTTP proxy 207, a name server 208, a localmonitoring process 210, a distributed data collection process 212, andthe like. The HTTP proxy 207 (sometimes referred to herein as a globalhost or “ghost”) typically includes a manager process for managing acache and delivery of content from the machine. For streaming media, themachine may include one or more media servers, such as a Windows MediaServer (WMS) or Flash server, as required by the supported mediaformats.

A given CDN server shown in FIG. 2 may be configured to provide one ormore extended content delivery features, preferably on adomain-specific, content-provider-specific basis, preferably usingconfiguration files that are distributed to the CDN servers using aconfiguration system. A given configuration file preferably is XML-based(extensible markup language-based) and includes a set of contenthandling rules and directives that facilitate one or more advancedcontent handling features. The configuration file may be delivered tothe CDN server via the data transport mechanism. U.S. Pat. No.7,240,100, the contents of which are hereby incorporated by reference,describe a useful infrastructure for delivering and managing CDN servercontent control information and this and other control information(sometimes referred to as “metadata”) can be provisioned by the CDNservice provider itself, or (via an extranet or the like) the contentprovider customer who operates the origin server. U.S. Pat. No.7,111,057, incorporated herein by reference, describes an architecturefor purging content from the CDN machines. More information about a CDNplatform can be found in U.S. Pat. Nos. 6,108,703 and 7,596,619, theteachings of which are hereby incorporated by reference in theirentirety.

In a typical operation, a content provider identifies a content providerdomain or sub-domain that it desires to have served by the CDN. The CDNservice provider associates (e.g., via a canonical name or CNAME, orother aliasing technique) the content provider domain with a CDNhostname, and the CDN provider then provides that CDN hostname to thecontent provider. When a DNS query to the content provider domain orsub-domain is received at the content provider's domain name servers,those servers respond by returning the CDN hostname. That networkhostname points to the CDN, and that hostname is then resolved throughthe CDN name service. To that end, the CDN name service returns one ormore IP addresses. The requesting client application (e.g., browser)then makes a content request (e.g., via HTTP or HTTPS) to a CDN servermachine associated with the IP address. The request includes a hostheader that includes the original content provider domain or sub-domain.Upon receipt of the request with the host header, the CDN server checksits configuration file to determine whether the content domain orsub-domain requested is actually being handled by the CDN. If so, theCDN server applies its content handling rules and directives for thatdomain or sub-domain as specified in the configuration. These contenthandling rules and directives may be located within an XML-based“metadata” configuration file, as noted above.

The CDN platform may be considered as an overlay across the Internet onwhich communication efficiency can be improved. Improved communicationson the overlay can help when a CDN server needs to obtain requestedcontent from an origin server 106 or from another CDN server that isacting as an intermediate cache-parent, or when acceleratingcommunication of non-cacheable content across the overlay on behalf of acontent provider, or otherwise. Communications between CDN serversand/or across the overlay may be enhanced or improved using routeselection, protocol optimizations including TCP enhancements, persistentconnection pooling and reuse, content & header compression andde-duplication, and other techniques such as those described in U.S.Pat. Nos. 6,820,133, 7,274,658, 7,607,062, and 7,660,296, among others,the disclosures of which are incorporated herein by reference.

As an overlay offering communication enhancements and acceleration, theCDN server resources may be used to facilitate wide area network (WAN)acceleration services between enterprise data centers and/or betweenbranch-headquarter offices (which may be privately managed), as well asto/from third party software-as-a-service (SaaS) providers used by theenterprise users.

Along these lines, CDN customers may subscribe to a “behind thefirewall” managed service product to accelerate Intranet webapplications that are hosted behind the customer's enterprise firewall,as well as to accelerate web applications that bridge between theirusers behind the firewall to an application hosted in the internet cloud(e.g., from a SaaS provider).

To accomplish these two use cases, CDN software may execute on machines(potentially in virtual machines running on customer hardware) hosted inone or more customer data centers, and on machines hosted in remote“branch offices.” The CDN software executing in the customer data centertypically provides service configuration, service management, servicereporting, remote management access, customer SSL certificatemanagement, as well as other functions for configured web applications.The software executing in the branch offices provides last mile webacceleration for users located there. The CDN itself typically providesCDN hardware hosted in CDN data centers to provide a gateway between thenodes running behind the customer firewall and the CDN serviceprovider's other infrastructure (e.g., network and operationsfacilities). This type of managed solution provides an enterprise withthe opportunity to take advantage of CDN technologies with respect totheir company's intranet, providing a wide-area-network optimizationsolution. This kind of solution extends acceleration for the enterpriseto applications served anywhere on the Internet. By bridging anenterprise's CDN-based private overlay network with the existing CDNpublic internet overlay network, an end user at a remote branch officeobtains an accelerated application end-to-end. FIG. 3 illustrates ageneral architecture for a WAN optimized, “behind-the-firewall” serviceoffering such as that described above, along with examples of possibledata flows across the overlay. Other information about a behind thefirewall service offering can be found in teachings of U.S. Pat. No.7,600,025, the teachings of which are hereby incorporated by reference.

While known techniques, such as those currently used in CDNs, offer manyadvantages, there is a need for techniques to better accelerate trafficfor which a no-store or explicit-TTL caching approach is suboptimal,which is an increasing and important part of the traffic on theInternet. Content accessed through application programmer interfaces(API) are one example of such traffic. With the foregoing by way ofintroduction, the improved systems, methods, and apparatus that are thesubject of this disclosure are described below.

BRIEF SUMMARY

This disclosure describes, among other things, systems, devices, andmethods for content delivery on the Internet. A caching model isdescribed that can improve upon known time-to-live (TTL) based cachingand no-store approaches (although such techniques can be used inconjunction with the teachings hereof, as will be explained below).Approaches described herein can support caching for indefinite timeperiods, while still updating promptly when the underlying origincontent changes, making them suited for, among other things, contentretrieved using an application-programming-interface (API), althoughthis is not a limitation.

For example, in one embodiment, an origin server can be programmed toannotate its responses to client content requests with identifiers inthe form of tokens. (In the case of an API, the API running on theorigin server can be programmed to annotate responses to client requestsmade to the API with tokens.) The tokens can drive the process ofcaching the origin responses within caching proxy servers in thedelivery platform. The TTL for issued responses can be considered to beinfinite, or relatively long, enabling acceleration from cachedresponses in the proxies. Subsequently, the tokens can be used ashandles to invalidate prior responses.

Typically, tokens can correspond to or denote data or logic used tocreate the response at origin. For example, a particular record in adatabase driving content generation at origin can correspond to a token.A token could also correspond to a file or other data at origin. Whensuch a record, file, or other origin data is updated, then aninvalidation assertion can be issued for the token (from origin, forexample) and propagated to the appropriate proxy caches. Responses inthe proxy caches that were tagged with the token then can beinvalidated, as those responses are dependent on data that has changed.A token could correspond to any item or set of data, so the approach isflexible with regards to the origin database structure and contentgeneration infrastructure.

Tokens can be used in a variety of other ways. For example, tokens canbe used to indicate that a data selection or sorting algorithm has beenused to create the response. Later, the ‘selection/sorting’ token can beused as a handle to invalidate the response when the selection orsorting of data in the response is outdated. In this way, a token candenote logic that was applied at origin and expressed in the response.

As a further example, tokens may also be considered to be “range” tokensby expressing ranges of values in a specific syntactic style. A responsecan be tagged with a range tokens that indicate, for example, a range ofvalues that the response relates to. A subsequent invalidation of aspecific value within the range of previously listed range tokens caninvalidate those range tokens and the responses to which they wereconnected.

The subject matter described herein has a wide variety of applicationsin content delivery and online platform architectures, and can be usedin conjunction with CDN services and technologies.

As those skilled in the art will recognize, the foregoing descriptionmerely refers to examples of the invention in order to provide anintroduction. Other embodiments will be described in the remainder ofthis document. The foregoing is not limiting and the teachings hereofmay be realized in a variety of systems, methods, apparatus, andnon-transitory computer-readable media. It should also be noted that theallocation of functions to particular machines is not limiting, as thefunctions recited herein may be combined or split amongst differentmachines in a variety of ways.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be more fully understood from the following detaileddescription taken in conjunction with the accompanying drawings, inwhich:

FIG. 1 is a schematic diagram illustrating one embodiment of a knowndistributed computer system configured as a content delivery network;

FIG. 2 is a schematic diagram illustrating one embodiment of a machineon which a content delivery server in the system of FIG. 1 can beimplemented;

FIG. 3 is a schematic diagram illustrating one embodiment of messageflow and acceleration across an overlay CDN platform;

FIG. 4a is a schematic diagram illustrating one embodiment of messageflow in an example system that accelerates delivery of content usingcaching techniques that leverage the teachings hereof;

FIG. 4b is a schematic diagram illustrating another embodiment ofmessage flow in an example system that accelerates delivery of contentusing caching techniques that leverage the teachings hereof;

FIG. 5 is a block diagram illustrating examples of relationships betweenAPI responses and an example underlying API database, for the case ofaccelerating API content;

FIG. 6 is a schematic diagram illustrating one embodiment of messageflow in an example system that accelerates delivery of content usingcaching techniques that leverage the teachings hereof;

FIG. 6 is a schematic diagram of an example network of Hologram nodesand messaging flow amongst the nodes, in accordance with the teachingshereof;

FIG. 7 is a schematic diagram illustrating an example network state ofthe network shown in FIG. 6;

FIGS. 8a-e are schematic diagrams illustrating an example of messageflows in a hierarchical arrangement of caching servers;

FIG. 9 is a schematic diagram illustrating an example of a socket setdesign for a node shown in FIGS. 6-7;

FIG. 10 is a schematic diagram illustrating an example network state forthree nodes using the socket set design shown in FIG. 9; and

FIG. 11 is a block diagram illustrating hardware in a computer systemthat may be used to implement the teachings hereof.

DETAILED DESCRIPTION

The following description sets forth embodiments of the invention toprovide an overall understanding of the principles of the structure,function, manufacture, and use of the methods and apparatus disclosedherein. The systems, methods and apparatus described herein andillustrated in the accompanying drawings are non-limiting examples; theclaims alone define the scope of protection that is sought. The featuresdescribed or illustrated in connection with one exemplary embodiment maybe combined with the features of other embodiments. Such modificationsand variations are intended to be included within the scope of thepresent invention. All patents, publications and references cited hereinare expressly incorporated herein by reference in their entirety. Theabbreviation “e.g.” is used herein as shorthand for the non-limitingphrase “for example.”

According to this disclosure the functionality of a server is modifiedto provide content acceleration using a caching system that supportsindefinite caching periods, or said another way, notification-basedinvalidation instead of, or in supplement to, time-expiration basedinvalidation. The server is typically a caching proxy server modified inaccordance with the teachings hereof, and may be part of a distributedCDN platform.

The techniques described herein may, in certain embodiments, offerimproved acceleration for a variety of kinds of traffic, and areparticularly useful for (without limitation) API traffic. Thisdisclosure describes approaches to caching of API traffic, of the kindwhere the content provider customer offers an API to its users and therequest/responses delivered via that API are carried over andaccelerated via a CDN, so as to enable productized API acceleration.

While the API use case is often used herein to provide a concreteexample and illustration, the teachings hereof are not limited to APItraffic. Any traffic that can benefit from an indefinite caching periodwith notification-based invalidation can benefit from the teachingshereof. The benefits may vary, but the teachings hereof can be used withrespect to delivery of any kind of obj ect.

In one embodiment, a system employs a set of caching proxy servers suchas the CDN proxy servers described above and these caching proxy serversare modified in accordance with the teachings hereof. Such modifiedservers are sometimes referred to herein as “Hologram” servers, amnemonic inspired from “project a hologram of your database into thenetwork”, to differentiate the system from placing the authoritativecopy of a database into the CDN system itself, which these teachings donot require (but with which would also be compatible).

Note that in some implementations, the Hologram servers may be used insupplement to other CDN proxy servers (e.g., that do not provide thecaching and acceleration functions described herein) by acting, forexample, as a cache parent to the front line of CDN proxy serversdeployed at the network edge.

In operation, the customer's origin infrastructure can issue one or moretokens (sometimes referred to as tags) with API responses, preferably incertain non-standard HTTP headers. This is an adjustment to originprogramming. The tokens drive the process of caching and invalidatingthese API responses within the CDN platform and in particular at theHologram servers. Tokens issued by origin notate the pieces of data usedin the API responses. The TTL for the API responses can be considered tobe infinite (or very long, e.g., a year) for these responses, allowingthem to be cached. The origin later invalidates by token, potentiallyinvalidating multitudes of prior API responses.

The tokens can be used as cache handling directives, allowing responsivecontent to exist in cache and remain valid for serving for a long timewhen underlying origin data is quiet, and then rapidly update inresponse to a flurry of changes at origin. This approach can supportcaching that is neither no-store nor TTL based, which are today'spredominant approaches for accelerating un-cacheable dynamic objects,and offers an eventually-consistent (but preferably rapidly consistent)data model. The approach is database-agnostic, allowing a contentprovider customer to utilize any SQL or NoSQL database they like atorigin.

The tokens can denote a variety of things. In a common case, a token isassociated with an item of data that appears in or was used to constructthe given API response. Such a token can act as a handle forinvalidating (from a caching perspective) an API response when dataassociated with that given data token changes in an origin databaseunderlying the API is no longer valid. Thus, a token can correspond toor has some ready counterpart in the underlying database. For example,the token can represent a primary key for a record in the origindatabase, and when that record changes, the token can be used toinvalidate those API responses that were based on that record.

Tokens may represent abstractions in lieu of actual fields or rows ofdata in a database. Thus tokens may denote logic that was used to createa given response at origin. For example, tokens can be used to indicatethat the API response is the product of data sorting, data selectionalgorithm, or other algorithm. Such tokens can be used as handles toinvalidate a cached response when, for example, the sort or selection ofdata (rather than the data itself) is outdated. Consider the case of aresponse that represents the most recent ten items in a table. Thisresponse could leverage such a token. Issuing tokens for the ten currentconstituent items would not properly cause an invalidation when a neweritem arrives; the newer item arriving can trigger an invalidation of thesorting token for this table rather than one of the ten original itemtokens.

Tokens may also be considered “range” tokens by expressing ranges ofvalues in a specific syntactic style that is recognized. A response canbe tagged with a range tokens that indicate, for example, a range ofvalues that the response relates to, such as a latitude/longitude rangesfor map data returned in a response. A subsequent invalidation of aspecific value within the range of previously listed range tokens caninvalidate those range tokens and the responses to which they wereconnected. Thus, an update to a given point within the range (such asthe addition of a new point of interest at particular coordinates withinthe map) can trigger cache invalidation of the previous response.

The meanings of tokens are preferably selected such that collectivelythe tokens notating a particular response are tied to the data and logicthat gave rise to the construction of the response but that might atsome later time be altered, and to match conveniently the ability tolater invalidate upon those tokens, taking into consideration how theorigin system will maintain and monitor its own state, how toconveniently refer to pieces of data by a handle, and how to reliablyexpress all changes to data through one or more tokens.

FIG. 4a provides a general overview of one embodiment and shows Hologramservers accelerating API traffic for an origin by proxying and cachingAPI content. Two alternatives are shown in FIG. 4 a. The solid linesindicate a flow in which a Hologram server fields a client request andgoes forward directly to origin. The dashed lines indicate an alternateflow in which a Hologram server receives a client request and goesforward to another Hologram server, closer to the origin, which thengoes forward to origin. The resulting response (with appended tokens) ispassed back down from the origin to the parent Hologram to the childHologram server. The Hologram caches the response, with the tokens, andfor subsequent client requests, the Hologram server can serve theresponse from local cache if the tokens are still valid. Typically, acached response can be considered invalid to serve to a subsequentclient if any of its associated tokens have been invalidated.

FIG. 4b illustrates another embodiment in which Hologram servers aredeployed in support of other CDN proxy servers (that do not haveHologram functionality) and provide a cache hierarchy function to thoseother CDN proxy servers. In FIG. 4 b, the non-Hologram CDN proxy serversfield client requests and make forward requests to Hologram servers toask for the response, rather than going back to origin directly.Hologram servers can respond from their cache (if a cached response isvalid), forward a request to another Hologram server, forward a requestto a CDN proxy (in order to ultimately forward to origin), or forward arequest directly to origin.

FIG. 5 shows an example of relationships between API responses, tokensthat represent records in an origin database, merely by way ofillustration. In FIG. 5 the example is shown on DataToken1 beinginvalidated because the record associate with Key1 was updated. In thiscase, invalidating DataToken1 in the system would mean that both APIResponse A and API Response B would be invalidated in the caches, asthey both depend on DataToken1.

In a preferred implementation the system is built into a CDN andseparate from the origin infrastructure, which hosts the databases andacts as the authoritative source of data from the API. However, theteachings hereof apply to implementations outside of CDN services aswell.

Application Programmer Interfaces (APIs)

An API, or Application Programmer Interface, is typically a wrapperaround a service, database, or system, made by one team of programmersfor another team, often outside their own organization. Some APIs aremade for public consumption, and some API's are made for internal use bya company's various teams, as an organizing function. APIs generallyencourage encapsulation of unnecessary details and enforce businesslogic and best practices. APIs often serve as a “focusing agent” to makecontributing to a system or ecosystem much, much simpler than without anAPI, as only the API needs to be understood, nothing else.

In a general technical sense, an API is often realized as a documentedset of calls that come with a definition on how they will behave, andusually, the data they will return. In the context of the web, an APIoften comprises a pattern of HTTP requests understood at a certaindomain or URL path that will act inside the web server system and withconnected systems, and return information back out to the web client, ortake an action and report a result back to the web client.

The web client will not often simply display or render the informationdirectly as returned, as in the case of web browsing, but rather, willuse some logic to programmatically act on the data. Often that logic isencoded in Javascript or natively into the client application, e.g., ina mobile app such as one written for the iOS or Android operatingsystems. In this way, transactions can be accomplished; although, itshould be said that simply laying out information on a “page” in an appis also a common use case, although technically it may not be an HTMLpage as one might understand it in the context of discussing web browsersoftware.

Data is often passed into the web API using GET and POST or other HTTPcalls, and returned from the web API using XML or JavaScript objectnotation (JSON), other open formats, or proprietary formats. The formatis generally designed to be easy for a computer to parse.

Example API Call

Much API work is a wrapper of REST calls yielding XML or JSON from SQLdatabase queries. Sometimes the queries are quite complex, or a seriesof queries is executed for a single response. Sometimesapplication-layer caching is involved for performance.

For example, consider an airline flight status lookup to a domainapi.flight-example.com as follows:

GET/xml/flight?id=12345 HTTP/1.1

Assume that this API request yields the following XML payload in theresponse:

<flightInfo>  <flightId>12345</flightId>  <carrier>   <iata>AA</iata>  <name>Airy Airlines</name>   <country>US</country>  </carrier> <number>AA100</number>  <airports>   <departure>    <iata>JFK</iata>   <name>John F. Kennedy International Airport</name>    <street1>JFKAirport</street1>    <street2/>    <cityName>New York</cityName>   <city>NYC</city>    <state>NY</state>    <postcode>11430</postcode>   <country>US</country>    <countryName>United States</countryName>   <regionName>North America</regionName>   <timezoneName>America/New_York</timezoneName>   <weatherzone>NYZ076</weatherzone>    <latitude>40.642335</latitude>   <longitude>−73.78817</longitude>    <elevationFeet>13</elevationFeet>  </departure>   <arrival>    <iata>LHR</iata>    <name>HeathrowAirport</name>    <cityName>London</cityName>    <city>LON</city>   <state>EN</state>    <country>GB</country>    <countryName>UnitedKingdom</countryName>    <regionName>Europe</regionName>   <timezoneName>Europe/London</timezoneName>   <latitude>51.469603</latitude>    <longitude>−0.453566</longitude>   <elevationFeet>80</elevationFeet>   </arrival>  </airports> <status>late</status>  <times>   <departure>    <scheduled>    <local>2013-01-01T18:10:00.000</local>    <utc>2013-01-01T22:10:00.000Z</utc>    </scheduled>    <actual>    <local>2013-01-01T18:05:00.000</local>    <utc>2013-01-01T22:05:00.000Z</utc>    </actual>   </departure>  <arrival>    <scheduled>     <local>2013-01-02T06:20:00.000</local>    <utc>2013-01-02T05:20:00.000Z</utc>    </scheduled>    <actual>    <local>2013-01-02T06:09:00.000</local>    <utc>2013-01-02T05:09:00.000Z</utc>    </actual>   </arrival>  <takeoff>    <scheduled>     <local>2013-01-01T18:49:00.000</local>    <utc>2013-01-01T22:49:00.000Z</utc>    </scheduled>    <actual>    <local>2012-08-07T18:23:00.000</local>    <utc>2012-08-07T22:23:00.000Z</utc>    </actual>   </takeoff> </times>  <codeshares>   <codeshare>    <carrier>     <iata>GF</iata>    <name>Great Air</name>    </carrier>   <flightNumber>6654</flightNumber>   </codeshare>  </codeshares> <airportinfo>   <departureTerminal>8</departureTerminal>  <departureGate>B3</departureGate>  <arrivalTerminal>3</arrivalTerminal>   <arrivalGate>36</arrivalGate> </airportinfo>  <equipment>   <iata>777</iata>   <name>Boeing 777Passenger</name>   <enginetype>jet</enginetype>  <equipmentNumber>N783AN</equipmentNumber>  </equipment> </flightInfo>

This response carries information about a flight, including the airportsand flight equipment, but also timestamps regarding planned and actualevents. The information in this request will likely not change at allwhile waiting for the flight, and then a flurry of changes will occurover a few hours that are very real-time sensitive to any consumer ofthe API, and then after conclusion of the flight, the data will againsettle to a permanent quiet period. In the event that some major pieceof data changes leading up to the flight, it's likely to be the type ofaircraft or departure time or terminal, and in both cases these arechanges that should be reflected as instantly as possible in responses.

Serving this type of API response over a dynamic no-store CDN deliverysolution with all traffic terminating at origin may make it morereliable than self-hosting. Adding a small period of time-based (TTL)caching in the CDN may make the origin traffic more tolerable, althoughglobal latency to consumers is only helped as the TTL rises, which atsome level counteracts data freshness. Setting a high TTL and appealingto the purge functionality of a large CDN will result in purgetimeframes that are too long for satisfactory updates for this andsimilar use cases. A new way to look at caching and purging capabilitymay be useful here, and is addressed by the teachings hereof.

Appending Hologram Data Tokens To Example API Response

The Hologram system can accelerate API output similar to that of the APIexample response above.

In one embodiment, the origin API response can be augmented to complywith Hologram. An HTTP header named “X-Hologram-Data” can be added,which can be listed before the payload as a normal header, or after thepayload as a trailer. The use of a trailer may be advantageous becausethe metadata in the trailer will come as a byproduct of payloadconstruction at origin. In the example below, the value of this headercarries tokens separated by commas and optional whitespace followingeach comma, and the tokens denote data (rather than logic used toconstruct the response, or ranges).

... Trailer: X-Hologram-Data ... X-Hologram-Data:flightId:12345,airport:JFK,airport:LHR,carrier:AA,flightnumber:AA100,carrier:GF,flightnum:GF6654,equipmentnumber:N783AN,equipment:777

The size of the added header or trailer, perhaps a couple hundred bytes,would typically add very little to the overall size of the API response,and it would enable Hologram caching. In this example, the metadata is alist of comma-separated tokens. As mentioned previously, a variety oftypes of tokens are possible (data tokens, selection/sorting tokens,etc.) and a variety of formats are possible too. In this case, the dataquery was a direct lookup of a flight ID, so only tokens denoting origindata are necessary, and all tokens are essentially table/primary-keycombinations.

(For the purpose of this example, assume we know the table names andstructure at origin. This is not necessarily reflected in the XML of theAPI response. In practice, the tokens can be issued by code written bythe same developers as the API and thus they understand the underlyingdata schema.)

The token can be constructed to relate to any set of data in theunderlying database at origin. In this example, assume the databasesupporting the API has a flight table containing the flight ID as aprimary key. Therefore it is convenient to have the token be based onand represent the table/primary-key into the database, and so the form“table:key” is a reasonable default template.

The system is flexible though, and the system is generally agnostic tohow the token relates to the origin database. The actual table name neednot be used; as long as the name is a way to reference a bundle of datathat will change or remain constant together. Full normalization is notrequired; every table relationship need not be represented, as long aswhen the data changes, one of the tokens represented on this line isconsidered affected by origin. In sum, the token need not be the actualprimary key, though it preferably represents a unique indexed key orhash that the origin can reference rapidly and relate to the actualprimary key in the database. In fact the table-colon-value structure isalso not needed, and any token matching the regular expression“[A-Za-z0-9/:;_−]+” can be accepted. Syntax extensions may also permitadditional feature expression.

This flexibility means that any kind of data can be tokenized for thesystem. The above example focuses on a SQL database context, but no-SQL,memcache, or even file system elements can be converted into tokens.(For example, an origin could decide to have a token that represents thename of a stored file.)

Returning to the example, the API response references two airports, thedeparture and arrival airports. Note that for the purpose of tokens, therelationship of the airports is now irrelevant, so which one is thedeparture versus arrival is not notated, nor is any reference back tothe XML necessary at all, as the system need not attempt to parse theXML, and in fact this data payload could have been encoded as JSON oranother format.

In an alternate embodiment, the system could determine the tokens fromthe API response payload itself, rather than relying on origin toproduce and append the data tokens in a header. This might occur with orwithout assisting domain-specific configuration in the CDN for thatcontent provider's API traffic. The domain-specific configuration in theCDN would contain transformation instructions to convert the variouspayloads into control headers or equivalent expressions with appropriatetokens. For example, a configuration may call for the origin responsepayload to be scanned by a Hologram server for certain predeterminedpatterns or markup that designates token information embedded in theresponse. The token information would typically then be stripped out ofthe response and converted into a header or other equivalent field forcommunication within the Hologram system.

As another example, an XSLT file could be associated with each URLpattern in an XML-emitting API, and when a response traverses through aHologram server (e.g., a Hologram server closest to the origin), theXSLT would be applied to the XML in a standards-compliant manner, inorder to generate a resulting document that is the same as, or an XMLfragment easily parseable into, the needed header(s) that could havebeen transmitted along with the response in the first place. Similarly,for JSON responses, a document expressing data structure paths to walkin order to lift values from the JSON could be saved instead of XLST.

After transformation, the transformed document provides the control data(the tokens) that would normally accompany a payload, but thetransformation is not intended to necessarily replace the payload.Because the control data ordinarily should not need to change betweenservers, if a server would normally retain a control header from originthen after performing a transformation, the server may append thecontrol headers derived from transformation to the other HTTP headersbefore returning the response to a downstream requesting Hologramserver. Thus, in the context of FIG. 4a (dashed lines), the parentHologram server could append the control data before transmitting thedecorated response to the child Hologram server.

Continuing through the XML in the API response, we see that timestampsare available for events such as a flight departure time. These are allconsidered atomic data represented in the token list under the token“flightId:12345.” Thus when timestamps change or new timestamps areadded, the origin programming would be configured to know that allresponses that had the token “flightId:12345” are affected, and(presumably) need to be invalidated.

Carrier codes are represented in the token list by mentioning a tokeneach for the related carrier and for the related carrier's flightnumber. Because this type of flight number is a consumer flight number,the developer at origin can design to have it stored in a separate tableand to use a “flightnum:” table designator as a token.

Finally, the “equipmentNumber:N783AN” and “equipment:777” tokensrepresents the aircraft itself and a record for the type of airplane(equipment).

Caching Based On Appended Tokens & Invalidation of Tokens

Described above was the issuance of tokens from origin with API responsepayloads, and how the tokens can represent the data structures in origindatabases that gave rise to the content in the payload.

For API responses, the cache time can be infinite or very long-lasting,unlike TTL-based caching where some time is expressed. AHologram-compatible response is valid so long as none of the constituenttokens are invalidated. In other words, in one implementation, the HTTPproxy caches in a CDN may cache the API responses indefinitely, untilaffirmatively invalidated by origin.

In the flight record example above, until an invalidation is receivedfor one of the 13 tokens listed, the response XML document is consideredto be valid to serve in response to end user client requests. Duringthis time, which may be quite long, the document may be cached by theHologram servers in the network and served repeatedly from cache.

In an alternative embodiment, the Hologram system could require periodicrevalidation of tokens with origin as a safety precaution, and it couldalso overlay a global TTL to expire API responses notwithstanding thattheir corresponding data tokens are still valid, as a safety precautionor as a data storage conservation measure. These are both compatiblewith the teachings hereof.

In an embodiment, a Hologram server can obey standard cache-related HTTPheaders emitted from origin, given that such headers would be expressedin conjunction with Hologram control headers and thus could take intoaccount that a much longer time period is appropriate. Obeying allnormal HTTP headers is compatible with the teachings hereof

There are many possible techniques for invalidating a token. Just by wayof example, a token might be invalidated by (i) the inclusion of aninvalidation assertion for a token in a given API response, or (ii) theactive calling of a Token Invalidation API by the origin (when originchanges data outside the context of serving a web request). Such a‘Token Invalidation API’ is not to be confused with the API beingaccelerated.

Turning to invalidation mechanism (i) the Hologram network of serverspreferably can handle an invalidation inline with any API response. Inmost cases, the API response will actually be a response to a clientrequest to update the API database (i.e., a ‘write’ message), insofar asthat event will cause records in the database to change and precipitatean invalidation. However, the architecture can also support aninvalidation inline with a response to a client request that is notwriting to the database.

To illustrate: let us say for purposes of illustration that the flightstatus API from above also allows updates to data, and an authenticateduser has issued an HTTP call to that API that will update the flightnumber of the Great Air codeshare for the flight. In the API responsefrom origin, for example an HTTP 200 ‘ok’ response, a Holograminvalidation can be included:

X-Hologram-Data: !flightnumber:AA100,!flightId:12345

This notation would invalidate any document relying on the originalflight number and the flight in question by the flight ID. Theinvalidation is asserted by listing tokens prepended with an exclamationmark to indicate invalidation. The Hologram node can be responsible forinitiating the propagation of the invalidation through the remainder ofthe Hologram network, or preferably for sending the invalidation to apublisher-node in the network that publishes an invalidation channel forthe given API domain, more detail on which will be given below.

Turning to invalidation mechanism (ii), the Token Invalidation APImechanism can operate as follows: at some point, assume a piece ofinformation changes. Let us assume that the XML was retrieved before theaircraft landed, and then the aircraft landed, resulting in“arrivalDate”, “status”, and “actualArrival” nodes to be updated in theXML. The origin may utilize a private and secured Token Invalidation APIcall to the CDN network to invalidate tokens. HTTPS and some form of APIkey authorization could be overlaid to the example here. The “/hologram”path would be a pseudo-path understood by Hologram-enabled domainsserved by the CDN network.

POST /hologram/invalidate HTTP/1.1 ... tokens=flightID:12345

In many cases, the invalidation of a single token can function toinvalidate all responses that were marked with that token, which couldpotentially represent multitudes of API response documents network-wide.The invalidation message must be propagated across the machines thatsupport Hologram. This single invalidation can be sufficient toinvalidate the XML response above, such that a subsequent client requestfor the same content will need to be forwarded to origin to resolve.This invalidation also simultaneously invalidates any other responsethat depends on information about flight 12345, that is, any documentspreviously served with a token of “flightId:12345” among its variousappended tokens.

As an alternative invalidation example, let us pretend that LondonHeathrow Airport was changing its name to The Royal Airport. Theinvalidation API call would be:

POST /hologram/invalidate HTTP/1.1 ... tokens=airport:LHR

Once propagated, any response containing information about Heathrow onthis particular API is now invalid in the CDN network, and futureresponses from origin would reflect a different airport name, allowingnewly-correct data to populate the CDN network in cache as clientrequests are fulfilled.

Preferably, the origin can hold open a persistent HTTP or SPDYconnection to the Token Invalidation API entrypoint, so that theanticipated series of invalidations can be multiplexed across thisconnection.

In an alternate embodiment, a Web Socket service could be made availablesuch that origin would open a Web Socket to a CDN server (e.g., one ofthe Hologram servers or otherwise), and use the Web Socket to transmitinvalidations or messages carrying tokens with updated serial numbersimplicitly advising of invalidations by virtue of increment, as will bedescribed below.

In yet another example, a hook polling call can be requested by origin,meaning that either origin would make an API call to request, or thedomain-specific CDN configuration would dictate, a regular polled HTTPrequest from a CDN server to the origin, requesting any and all updatedtoken information, which would then be presented by origin in theresponse, as an alternative to providing it in normal data-carryingresponses.

Serial Number Tokens

In an alternate embodiment, a token can have a serial number syntax. Forexample, each token can be identified by name or moniker (e.g.,flightID:12345) with a serial number (flightID:12345.1). More robustly,the serial number format could be expressed as an @ sign followed by aserver number, a colon, a serial number, a colon, and a timestampexpressed as an epoch timestamp number in seconds. For example, with anassigned server number of 2000, a serial number incremented to 101, anda timestamp of 1380679283 (corresponding to Oct. 1, 2013 7:01:23 PDT):flightID:12345@2000:101:1380679010

The identification of the token with the moniker but no serial numbersyntax is referred to below as ‘short-form’, while the use of a serialnumber syntax is referred to as ‘long-form’. Such forms of tokens aremerely examples to illustrate a concrete implementation and not meant tobe limiting.

The serial number can be thought of as a version or iteration number ofthe token, and each time the corresponding data at origin is updated,the count is incremented. This approach relieves the origin of having tosend an express invalidation command; instead, it can merely report theiteration that is now current, and this can function as an implicitinvalidation command, as a Hologram node knows to treat all prior tokeniterations as invalid. Hence, with each API response the origin couldappend the latest iteration of the relevant data tokens. Thisinvalidation mechanism would also be compatible with the TokenInvalidation API described earlier.

As one skilled the art will recognize, the system could use variety ofalgorithms and token syntaxes to enable a given Hologram server tocompare a token cached with a response against a subsequently-receivedtoken and make a decision as to whether the cached token is valid. Theapproach could depend on timestamp ordering, vector clock approaches, orLamport time stamps, for example.

Exemplary Hologram Network

The following describes a non-limiting embodiment of a network ofHologram servers. An introductory overview to the communications of theHologram network is presented first.

In this embodiment, the various servers in a Hologram network functionas an HTTP proxy network that is capable of answering HTTP clientrequests, forwarding requests to nodes closer to origin, forwarding toorigin, and caching the responses returned as they are served back.

In addition, the Hologram servers can communicate to each other over amessaging system that is separate from the HTTP channel used tocommunicate with clients and to request and retrieve responses forclients. (The Hologram messaging system could leverage HTTP too, ifdesired, but for purposes of description herein assume the HTTP trafficrefers to the clients' content requests and responses thereto, as wellas the forward requests and forward responses resulting from proxyoperations.)

Messages are exchanged by the Hologram servers with one of them actingas a registrar, tracking and assigning which of the servers on thenetwork holds publisher status for any given domain name at any giventime. Messages are also published on a publisher-subscriber model fromeach respective publisher to all servers that have subscribed by virtueof receiving HTTP client requests for a domain for which the publishingserver is the publisher, as tracked by the registrar. The subscriptionwill communicate token invalidations to subscribed servers, and thus inthis approach being subscribed is the status required in order to treata local cache as authoritative for a given domain. Messages are alsopassed from non-publishers to the publisher of a given domain if thenon-publisher goes forward to origin with an HTTP request (and receivesan origin response with a token invalidation) or receives a request fromorigin on the Token Invalidation API, either of which can cause it tohave token messages that should be published.

All of the various connections can have logical timeout conditions basedon traffic on the connection itself; further, subscriptions may beunsubscribed per domain as HTTP traffic for that domain becomes absent,and publisher status may be cleared as HTTP traffic for a given domainbecomes absent at the publisher. All message connections are describedas direct but may also be made to be indirect, through one or morebroker nodes or parents, for scalability. The registrar can be anotherwise normal Hologram server acting as registrar in addition toregular actions, but it may be a dedicated registrar-only server or setof servers, or an abstract service provided by other means, such as adistributed database service or DNS service.

FIG. 6 is a diagram illustrating various roles and functionality of anexample Hologram server platform. In the embodiment shown in FIG. 6, theadditional layer of non-Hologram CDN proxy servers (FIG. 4b ) betweenthe clients and Hologram servers is not used. That embodiment will bedescribed later.

With reference to FIG. 6, a variety of Hologram servers 602 aredistributed in the platform. Labeled line segments represent connectionsbetween machines; solid lines designating HTTP request and responsemessages, and dashed and dotted lines designating connections betweenHologram servers for passing token-related and other messages. Thedotted lines designate messages for a registrar and the dashed linesdesignate messages amongst Hologram servers in a publisher-subscriber orpeer relationship. In some cases multiple numerical labels are used asshorthand to indicate multiple line segments between the same nodeswithout drawing the line segments in duplicate.

Assume that user with client device 610 makes an API request using HTTPto Hologram server 602 a, as indicated by arrow 1.

Server 602 a determines the host domain for the instant HTTP request anddetermines if the Hologram subscribed status is set locally for thedomain. Assume that the status is unsubscribed. As a consequence ofbeing unsubscribed (and also not being the publisher), server 602 a isprecluded from consulting its local cache for a previous response.Server 602 a determines the closest Hologram server to origin 601 asserver 602 b, and thus prepares to forward the HTTP request to server602 b (configuration may have instead led to server 602 a forwarding toone or more cache parent servers before ultimately forwarding to server602 b). Server 602 a forwards the HTTP request to server 602 b asindicated by arrow 2.

Server 602 a sends a message to server 602 c which serves currently asthe registrar on the network, indicating the domain, its own identity,and a flag indicating that the HTTP request is being forwarded toanother Hologram server. This message is indicated by arrow 3. Server602 c acting as the registrar determines that no publisher is set forthe given domain and the requesting server is forwarding internally, andreturns an unknown response, indicated by the return on arrow 3.

Server 602 b receives the HTTP request forwarded by server 602 a andperforms the same domain check. Assume that server 602 b is alsounsubscribed. Server 602 b forwards the HTTP request to origin 601,indicated by arrow 4.

Server 602 b also messages server 602 c, the registrar, indicated byarrow 5, and because server 602 b is the closest Hologram server toorigin (or based on some other metric or combination thereof), server602 c assigns server 602 b to perform the publisher role for the domainin question, returning its own identity in the reply message indicatedby the return on arrow 5. Server 602 b sets itself as the publisher forthe given domain upon receiving the reply.

Assume that the reply from registrar server 602 c indicated by thereturn on arrow 5 arrives at server 602 b prior to the completion of theHTTP response received from origin 601 indicated by the return on arrow4. When the HTTP response from origin 601 is received, the tokensattached to the response are parsed, and the response is cached locallyat server 602 b, with the tokens indexed. In this implementation, eachtoken is upgraded from short form to long form if not received in longform from origin, with server 602 b assigning serial numbers to eachtoken and its own server number. The long form tokens are the formcached locally, and returned over HTTP by replacing the original headercarrying tokens.

Server 602 b replies to the HTTP request from server 602 a, as indicatedby the return on arrow 2. Server 602 a, having an unsubscribed status,does not cache the response locally but strips token-related headers andreturns the response to client device 610 as indicated by the return onarrow 1. (If server 602 a had a subscribed status, it could cache theresponse locally for use in responding to subsequent client requests forthe same content, as will be stated in more detail below.)

Next, assume that user with client device 611 makes an API request toHologram server 602 a, as indicated by arrow 6, and the request is forthe same content as that previously requested by client device 610.Assume that on this domain, cache keys are not derived from useridentity.

Server 602 a performs the same checks as before, and sends a message tothe registrar at server 602 c as for the first HTTP client request. Thismessage is indicated by arrow 7. Server 602 c responds with the identityof server 602 b as the publisher, as indicated by the return on arrow 7.Server 602 a opens a subscription connection to server 602 b, reusing aconnection if one is open, as indicated by line segment 9. Server 602 aperforms the same calculation to determine the server closest to originas before, and forwards the HTTP request to server 602 b, as indicatedby arrow 8.

Server 602 b consults its local cache, being the publisher, and findsresponsive content for the HTTP request. Further, server 602 b verifiesthat each token attached to the original request has not beeninvalidated explicitly or implicitly (e.g., by serial number increment)since the response was cached, and returns the cached content to server602 a, as indicated by the return on arrow 8.

Assume that the subscription indicated on line segment 9 is engagedprior to the completion of the HTTP response received from server 602 bindicated by the return on arrow 8. When the HTTP response from server602 b is received by server 602 a, the tokens attached to the responseare parsed, and the response is cached locally at server 602 a, with thetokens indexed. Because the tokens are long form with server 602 bidentified as the server provenance, no upgrade is necessary, and theywill later be comparable with incremented serial numbers issued byserver 602 b.

Further requests to server 602 a for the same content as above wouldresult in the content being returned from the local cache at server 602a, provided that the customary HTTP cache control was satisfied orabsent (Cache-Control headers and similar) as well as that none of thetokens originally given with the response have since become invalid by amessage from the publisher (server 602 b ) over the subscription channelfor that domain.

By way of further illustration, assume that client device 612 makes arequest for the same content as above, to server 602 d, as indicated byarrow 10. Server 602 d would, similarly to the process described above,request publisher identity from server 602 c, as indicated by arrow 11,forward the HTTP request to server 602 b, as indicated by arrow 12, andsubscribe to server 602 b for domain messages, as indicated by linesegment 13.

Assume that client device 612 later makes a “write” request on the API,sending an HTTP POST to server 602 d, as indicated by arrow 14. Assumethis domain is configured not to cache POST responses, as is fairlycustomary with HTTP. Server 602 d forwards the request to server 602 bas indicated by arrow 15, which forwards the request to origin 601, asindicated by arrow 16.

Origin returns an HTTP response as indicated by the return on arrow 16,and when received at server 602 b, the Hologram tokens are parsedsimilarly to the description above; this time, however, the origin'sHTTP response message contains an invalidation for a token using theprepended exclamation point syntax. Assume that the token invalidatedwas one of the tokens previously mentioned on content returned to clientdevices 610, 611, and 612 as described above. Server 602 b upgrades thetoken to long form (if not already in that form from origin) with ahigher serial number on the token being invalidated than previouslyassigned. Server 602 b creates a token message that is published toservers 602 a and 602 d by virtue of their subscription to tokenmessages for the domain. Servers 602 a and 602 d receive the tokenmessage and update their local token caches to indicate the higherserial number, implicitly invalidating the HTTP responses previouslycached with the older version of the token (as will be discovered byservers 602 a and 602 d, e.g., when they attempt to use the previouslycached response and compare the token serial numbers and/or timestamps).

The HTTP response for the API “write” action is returned to server 602d, as indicated by the return on arrow 15, and then sent to clientdevice 612, as indicated by the return on arrow 14.

Further requests to servers 602 a, 602 b, or 602 d for the contentpreviously cached using the now-invalidated token will result in fulltraversal back to origin 601 as previously described, with thesubsequent repopulation of cached content similarly to previouslydescribed.

Assume that client device 612 makes a request for content as above, toserver 602 d, as indicated by arrow 17. Assume that server 602 dcalculates that it should forward directly to origin, possibly asupplementary system has indicated that load is high on server 602 b, orjust the result of an alternative implementation. Server 602 d forwardsthe HTTP request to origin 601, as indicated by arrow 18. Upon receivingthe response, Hologram tokens are parsed, and are in need of publishingbut server 602 d is not the publisher. Server 602 d opens a connectionfor peer-to-peer token passing, or utilizes an existing connection, toserver 602 b, the publisher for the domain, and passes the tokenmessages to server 602 b, as indicated by arrow 19. After updating itstoken cache, server 602 b passes the message to all subscribers, whichin this moment are servers 602 a and 602 d. Server 602 a receives thetoken message, as indicated by arrow 20, and updates its local tokencache. Server 602 d receives the token message, as indicated by arrow21, but will not need to alter its token cache as it was the source forthe message and has already done so.

With reference to FIG. 7, a snapshot state of an example Hologramnetwork is shown. This is a non-limiting embodiment. In this state, allHologram servers 702 a, 702 b, 702 d, and 702 e have connections open toserver 702 c acting as the registrar. HTTP traffic for one domain hasbeen received from client devices and has resulted in open HTTPconnections from servers 702 a, 702 d, and 702 e to server 702 b, and aconnection from server 702 b to origin 701; an HTTP connection is alsoopen from server 702 d to origin 701. To facilitate message publishing,servers 702 a, 702 d, and 702 e, the same servers that have open HTTPconnections, also have open subscription connections to server 702 b,which has been assigned the publisher role for the domain in question.Additionally, server 702 d has an open peer connection to server 702 bin order to pass token messages arising from contacting origin for HTTPresponses. Messages regarding token invalidations generally can bedistributed outwards from a point close to origin to all subscribednodes, even if they are not originated on the server designated aspublisher and must first be sent over to the publisher. Token messagescan invalidate prior responses that a subscribed node may have saved incache, and being subscribed is the state that permits the cache to beauthoritative in the face of infinite or very long TTL's.

In an alternate embodiment, a CDN employs Hologram servers in supplementto non-Hologram HTTP proxy servers, as illustrated previously inconnection with FIG. 2 and FIG. 4 b.

In this alternate embodiment, a Hologram server is still responsible forgoing forward to origin to fetch and cache Hologram-enabled APIresponses, storing tokens and indexing upon them for rapid access bytoken, and for receiving and propagating token invalidations as fast aspossible, and can otherwise operate as described in connection with FIG.6, above. However, the Hologram server sits behind a non-Hologram HTTPproxy, for example of the kind that populate a CDN platform without thebenefit of the teachings hereof.

With non-Hologram HTTP proxy servers alone, a no-store ormust-revalidate transaction typically has the type of flow shown in FIG.8a (where the non-Hologram HTTP proxies are simply designated as‘Proxy’). In the notation used in FIG. 8a -e, arrows represent thedirection of requests; content (in responses) flows left-to-right.

A TTL-based caching transaction has a type of flow shown in FIG. 8 b,depending on where a valid, unexpired copy of the requested content isfound.

In the case of the TTL-based caching, the first instance in FIG. 8bshows a cached response close to the client; the second instance shows acached response close to the origin; and the third instance shows acached response close to the origin.

We will now introduce Hologram nodes (notated “Holo”). Proxy serverswill be asked to treat responses as no-store or must-revalidate (i.e.,as dynamic objects) or as cacheable objects but with a very minor TTLsuch as a couple of seconds, while Hologram servers may be authoritativein caching. The Hologram network may be considered similar to acache-hierarchy. This yields the flow possibilities shown in FIG. 8 c.

In the first instance shown in FIG. 8 c, long network traversal isavoided by a Hologram server having a cached document and understandingthat as of that instant it is not aware of any token invalidation thatrenders it invalid; in the second instance, the Hologram server does nothave a valid document, and forwards the request to a Hologram serverclose to origin for a second try (a cache choking technique); in thethird instance, the long haul is necessary to contact origin for anauthoritative answer.

Alternative, without Hologram reverse-mapping, the flow is as shown inFIG. 8 d.

As before, active token invalidation assertions can emanate from originand are propagated from the initial Hologram server receiving theinvalidation to other Hologram servers using a publisher-subscriber orother technique, as shown in FIG. 8 e.

Support For Message Flow Within Hologram Nodes

Described below is an exemplary socket implementation for messagingwithin a Hologram node. The following is intended only to be anon-limiting example for purposes of illustrating a possible design.

In this embodiment, the Hologram nodes are designed Hologram nodes aredesigned with a set of socket operations that facilitate the messageflows for support of Hologram subscriptions and invalidations. Theseoperations can augment conventional HTTP proxy capabilities.

FIG. 9 shows an example socket set design that is from the perspectiveof a single Hologram server. The name shown on each box is a name in theHologram server used to identify the variables holding references to thesockets and label the log lines showing communication to/from thesocket. The type and function of each socket is described below.

In this example design, sockets are dedicated to limited function andthus two nodes may be connected with more than a single socket at thesame time. An alternative design would consider these boxes to representvirtual handles to other nodes and for single sockets at most to beopened between nodes, with multiple message types carried on the samesocket; queues, enforcement of and other details would differ inreasonably straightforward ways.

The design is based on messages, which implies a framing format for thebeginning and end of messages, a maximum size for messages, and headersto carry source, destination, routing, and other message-passinginformation. A message queue library may be employed to provide thislayer of functionality, or these rules can be designed on a custombasis. A subsystem of “heartbeat” messages between all nodes thatnormally communicate should be implemented in addition to the messagesdescribed below; a failed heartbeat should count as a broken connection,which particularly for subscribers should be deemed an involuntaryunsubscription event.

This is design, the “IN” and “PASS” are not single sockets but arrays ofsockets, starting at zero members and growing and shrinking with normaloperation. For simplicity in explanation, this is not shown in FIG. 9.

The Hologram messaging system may be engineered to run in the sameoperating system process(es) as the HTTP proxy system, or it may beengineered to run separately, in which TCP sockets or an inter-processcommunication system native to the operating system may be used to passmessages from the HTTP proxy system to the Hologram messaging system. Atleast two types of messages are germane for this inter-process link; seebelow for messages arriving at REP and APP.

The following is a description of the message types.

“REP” is an object representing a listening socket that accepts multipleconnections and performs the server side of a request-reply paradigm.The client side sending requests is the local HTTP proxy system on thesame server.

Example Inbound Requests and Subsequent Replies:

-   Inquiry from HTTP proxy software about a domain, to see if it is    subscribed.-   Format: “SUB host HOP|FINAL”-   e.g. “SUB example.com HOP”-   Reply options:-   Format: “OK PUB|SUB host timestamp”-   e.g. “OK PUB example.com 123456789”-   Format: “PENDING host”-   e.g. “PENDING example.com”-   Inquiry from HTTP proxy software for an incremented serial number    for a domain.-   Format: “SERIAL host”-   e.g. “SERIAL example.com”-   Reply:-   Format: “SERIAL host server_id number”-   e.g. “SERIAL example.com 1000 1234”

“APP” is an object representing a listening socket that accepts multipleconnections and accepts messages, playing the role of pull in apush-pull paradigm. The push side sending requests is the local HTTPproxy system on the same server.

Example Inbound Messages:

Notification from HTTP proxy software that a token event should beprocessed. Format: “DATA host token [@ server_id:number:timestamp]” e.g.“DATA example.com users: 123@1000:1234:123456789”

“REG” is an object representing a socket that connects form a normalnode on the Hologram network to the registrar node on the Hologramnetwork and performs requests in a request-reply paradigm. The oppositeend of this socket will connect to “RGR” on the Hologram registrar; see“RGR” for message details. The Hologram registrar, if and whenprocessing data as a normal node, will resolve registrar-relatedquestions by “sending” a message on “REG” to “RGR” and processing thereply as a separate event.

“RGR” is an object representing a listening socket that accepts multipleconnections and accepts messages from Hologram nodes and replies to themas the registrar. Preferably, all Hologram nodes have the capability toact as the registrar. An external monitoring system may signal allHologram nodes when the registrar needs to change, either by changing aDNS entry or changing local configuration; alternatively, the Hologramnodes can rely on a failover strategy internal to the network.

Example Inbound Requests and Subsequent Replies:

-   Inquiry from a Hologram node to request the publisher identity for a    host, and to provide for a default action of volunteering to be    publisher if necessary.-   Format: “GET host HOP|FINAL requester_ip_address”-   e.g. “GET example.com HOP 1.2.3.4”-   Reply:-   Format: “KNOWN host ip_address”-   e.g. “KNOWN example.com 1.2.3.4”-   Format: “UNKNOWN host”-   e.g. “UNKNOWN example.com”-   Instruction from a Hologram node to clear its publisher status.-   Format: “CLEAR host requester_ip_address”-   e.g. “CLEAR example.com 1.2.3.4”-   Reply:-   Format: “OK CLEAR host cleared_ip_address”-   e.g. “OK CLEAR example.com 1.2.3.4”

“OUT” is an object representing a listening socket that accepts multipleconnections from other Hologram nodes subscribing to messages regardingdomains for which the given node is the publisher. The Hologram nodewill publish token messages to subscribed nodes via the “OUT” objectwhich ensures that the message is distributed to the connectedsubscribers, optionally filtering to limit messages to domains which thesubscribers indicate, in order to allow all domains published from thesame node to be published over the same sockets.

Messages sent over sockets in the “OUT” object arrive at the sockets inthe “IN” objects at various other nodes.

“IN” is an array of zero or more objects representing sockets thatconnect to Hologram publisher “OUT” sockets to receive messages in asubscriber role or a publisher-subscriber paradigm. “IN” sockets areadded to the array as the need arises to subscribe to per-host messages,which is typically determined by activity on the “REP” socket, followedby activity on the “REG” socket.

In order to bolster scalability of the network, Hologram “IN” nodes maymake connections directly to broker nodes which make connections ontothe final destination, thus making the overall number of connections ona fully-connected network lower than if every node connected to everyother node. The organization of broker nodes may be hard-coded ornominated by dynamic election or other self-organizing strategy based inwhole or part on configuration. Further, brokers may communicate withother brokers in arrangements to further separate direct connections.

If HTTP proxy activity for a particular host is not seen (by way of the“REP” socket) by a subscriber for some predetermined length of time, anode can unsubscribe from those messages on a per-host basis.

Example Inbound Messages:

-   Notification from a Hologram publisher that a token event should be    processed. Format: “DATA host token [@ server_id:number:timestamp]”-   e.g. “DATA example.com users: 123@1000:1234:123456789”-   Notification from a Hologram publisher that publishing will    discontinue for a host.-   Format: “DATA host:END publisher_ip_address”-   e.g. “DATA example.com:END 1.2.3.4”

“PASS” is an array of zero or more sockets opened to connect to otherHologram nodes which are publishers in order to pass message in the pushrole of a push-pull paradigm. Messages passed over “PASS” are tokenmessages that originate off-publisher but must be made authoritative andpropagated. The opposite end of this socket will connect to “FUN” oneach Hologram publisher; see “FUN” for message details.

If a node has opened a “PASS” socket to a publisher but has had nomessages to pass over to the peer, for any host, for 1800 secondscontinuously (30 minutes), the “PASS” socket to that publisher is closedand removed from the array.

The existence of “PASS” sockets and the corresponding “FUN” sockets inthe Hologram system can provide scalability in the subset of the networkcontacting origin; without them, all requests preferably go through oneHologram server to origin. The presence of “PASS”/“FUN” sockets is onemechanism to permit multiple Hologram nodes to go forward to origin forHTTP responses, as consequent Hologram invalidations retain a paththrough the network.

In the event that a Hologram node generates a token message but does notcurrently know the publisher for the given host (a situation that mayarise in normal operation because the registrar has only received, atthe time it was consulted by this node, GET calls with “HOP” status andno “FINAL” status for the last node before origin; also, may arise fromabnormal operation such as a server restart), the node will pass themessage to the registrar using a “PASS” socket. The registrar itself canact upon the message arriving at its “FUN” socket; see “FUN” fordetails.

“FUN” is an object representing a listening socket that accepts multipleconnections and plays a pull role in a push-pull paradigm, to receivetoken messages from “PASS” sockets and acts upon them, usually bypassing them to the “OUT” socket. The “FUN” socket on the registrar maygive rise to the application-level queuing of a message. As soon as apublisher is determined, a “PASS” socket on the registrar is used topass the queued messages to the publisher's “FUN” socket where normaloperation will continue.

Example Inbound Message:

-   Notification from a Hologram peer that a token message should be    propagated.-   Format: “DATA host token [@ server id:number:timestamp]”-   e.g. “DATA example.com users: 123@1000:1234:123456789”

In FIG. 10, an example network state is shown. “H1”, “H2”, and “H3” arenodes on a Hologram network. This is a non-limiting embodiment providedfor purposes of illustration.

Within each node of this example, the “PRSO” (proxy subscriptionsoutput) and “PRTO” (proxy tokens output) objects are sockets opened inthe HTTP proxy software. There are one per Unix process on amulti-process proxy daemon, but for simplicity a single box is drawn foreach. “PRSO” is an inter-process socket that plays a request role in arequest-reply paradigm, to communicate with the “REP” socket of theHologram adjunct software. “PRTO” is an inter-process socket that playsa push role in a push-pull to communicate with the “APP” socket of theHologram messaging software.

In the example shown in FIG. 10, “H3” is acting as registrar. “REG”,“REG2”, “REG3” are all open to “RGR3” in order to facilitate queriesnecessitated by traffic arriving on “REP” sockets. “H1” is publishingfor at least one domain, and “H2” and “H3” have both seen traffic forthat domain, and subsequently subscribed to receive updates via “IN2”and “IN3”.

Additionally, in FIG. 10, the reverse-map system has caused both “H2”and “H3” to become final hops before origin for domains for which “H1”is the publisher (possibly the same domain as above) and therefore“PASS2” and “PASS3” are open to “FUN”. “H2” has been the final hop to adomain before it knew which node serves as publisher, and thus it hasopened “PASS2” to “FUN3” as well, in order that the message be sent tothe registrar.

Representing Selection & Sorting Criteria and Other Logic as Tokens

In some embodiments, certain tokens included in origin responses may notrepresent primary keys or sets of data, but rather may represent otherportions of the queries relevant to response construction. Such tokensdenote not that actual data in the response but the selection/sorting orother logic that was used to construct the response.

Consider an API call that shows “the latest 10 records” which can be thenewest offers, news, deals, signups, etc.—whatever is appropriate forthe API domain. As time passes and more records are added, the correctresponse has been altered potentially without a direct change to thedata itself and therefore without a direct change to a token that wasappended to a previous Hologram-enabled response. The responsive set ofdata has changed/updated, but the items of data themselves may not have.Thus we introduce tokens that account for the sorting or selectionbehavior present in the API call. In effect, these tokens areinvalidated when the API response has become invalid not because thedata within the API response has changed, as was the case in examplespreviously discussed, but because the sorting or selection of the datain the API response has become outdated. As such, the data in the APIresponse is now the ‘wrong’ data to provide in response to the same APIcall.

Let us take a ‘City Events’ API as an example. This is an API offered tofetch data about events occurring in Boston.

GET /events/listings?sort=last_modified+desc&filters=category:(Theater+Dance) &11=40.766146,−73.99021&api-key=123 Host:api.city-events-example.com ... X-Hologram-Data: ...,events:COUNTSORT

The “events:COUNTSORT” token is appended to the API response because theorigin server knows that the API call references the sorting command.The “events:COUNTSORT” token can later be invalidated by origin everytime the count of entries in the table is modified, thus correctlyinvalidating responses that depend on either the count or ordering ofqueries from the table.

As those skilled in the art will understand, such a ‘selection/sorting’token can be used for API calls that return such things as “recent”events, or “trending” or “currently popular” events, and the like.

Range Tokens

In some cases, an application may call an API and submit a data range,such as an API that returns items of interest falling within a requestedparticular geographic area, e.g., as selected on a map by a user. Theitems of interest might be homes for sale, the location of particularstores or places of interest, pinpoints of where photos were taken, andthe like. The systems and method described herein can be applied tothese use cases.

Building upon the exemplary token syntactic rules described previously,range tokens can use, in one implementation square bracket charactersfor the purpose of defining range syntax in the form of [A . . . B]where A and B are integers or floating point numbers separated by twoperiod characters and surrounded by square brackets; for example, “[1.1. . . 3.14]” which notates a range from 1.1 to 3.14, inclusively. Thisnotation is appended to an otherwise normal data token, for example,“age:[21 . . . 50]” to logically designate ages from 21 to 50 years old,inclusive.

Consider, for purposes of illustration, an HTTP GET request generated bysuch an application that looks like the following:

GET /api/foo. . . ?lat=1.1234567890,1.1244567890. . .&long=1.1234567890,1.1244567890. . . &num=25. . . ...yielding...Property 101 data Property 123 data Property 150 data ...

In this example, the latitude/longitude parameters represent a box fromthe four coordinates provided, and up to 25 results come back. Prior artTTL-based caching solutions may not cache this response very wellbecause the positioning is so fine-grained. A slight change to thecoordinates might result in a cache miss unless those particularcoordinates had been requested by another client within the TTL. Incertain embodiments, therefore, an origin can indicate that the resultfor a specific geographic box (or other data range) can be reused forsimilar boxes (or similar data ranges), as defined by a tolerance. Todetermine whether there is a cache hit, the caching server can interpretthe requested URL parameters (lat/long) and apply some tolerance to themwhen looking for matching entries in cache index.

Next, to tokenize this kind of response for Hologram, an origin servercan append tokens for each property identifier, which would enable thesystem to invalidate the cached response when data about that propertychanged (e.g., the price or status changed). To account for newproperties or other things appearing within the geographic box, Hologramtokens relating to the particular coordinates can be used (e.g.,latlong:a;b;c;d). However, such tokens are very specific, which cancause difficulties in trying to invalidate them. For example, an originmight have to determine that a previous set of coordinates (and tokens)should be invalidated based on a new property being added in the origindatabase. While such logic could be developed and placed in origin—forexample logic invalidating all coordinates and tokens within somedistance of the new item of interest—it places a burden on the originand may not be accurate in all cases.

To better address this issue, in certain embodiments, an API responsecan be tagged with range tokens that reflect the entire range of datafor which the response is dependent. In the foregoing example, aresponse with such tokens might be:

GET /api/foo. . . ?lat=1.1234567890,1.1244567890. . .&long=1.1234567890,1.1244567890. . . &num=25. . . ...yielding... . . .X-Hologram-Data: geo:[1.1234567890. .1.1244567890] [ 1.1234567890..1.1244567890], property:101, property:123, property: 150 . . . Property101 Property 123 Property 150

The origin can invalidate by a token corresponding to the particularcoordinates at which the new property (or other new item of interest) islocated. For example, assume a new Property 160 is added next door toProperty 101 and within the box defined by the coordinates in theearlier request. The invalidation assertion can be as follows:

POST /hologram/invalidate HTTP/1.1 ... tokens=geo: [1.1234567899][1.1234567899]

In this case, the particular location described by the invalidationassertion is interpreted by a Hologram server as two specific pointswithin ranges, one for latitude and one for longitude. Responses, likethe example above, that were notated with latitude and longitude rangesencompassing the specific location in the invalidation assertion areidentified and invalidated in cache.

In this way, responses can be notated with range tokens indicating therange of data values on which the response will depend. When an eventoccurs at origin within the data range, the origin can invalidate by aninvalidation assertion as to a specific data point within the range.

This approach can be applied to a variety of data and circumstanceswhere an API returns information based on a data range in the request.For example, in addition to the above, an API that returns events or TVshows or the like for a particular date or time range can be notatedwith the range, and if there is a new event added, or the schedule ofevents is rearranged, the responses covering that range can beinvalidated through the above mechanism. In such a case, the token mightinclude an invalidation for a sub-range of points within a range, e.g.,by asserting that time range for a changed TV show within the largerschedule is now invalid.

Potential Advantages of the System

The following are some benefits that may be achieved with the disclosedteachings, but do not necessarily represent all such benefits and thedescription of such potential benefits does not mean that achieving suchbenefits are required or necessary to the practice of the teachingshereof.

Potential Advantage: Localization of Traffic

The techniques described herein may result in less content traffictraversing the platform, compared to “no-store” mode, and localizationof content traffic for the API to regional at a platform edge. When arequest is inbound to a Hologram server, it can look up the URL andserve the document.

Any non-Hologram proxies can be used to provide an additional layer oftraditional TTL caching on the API responses in front of the Hologramproxies. A low TTL, in the realm of seconds, can be used. This would beuseful for extremely high-traffic scenarios where the wide deployment ofproxies is needed for fronting of massive public API traffic.

Potential Advantage: Origin Offload

Offload from origin servers may be achieved for a large segment of APIresponses while the data records they represent are “quiet”.

Potential Advantage: Latency

Lowering of latency for clients may be achieved for a large segment ofAPI responses while the data records they represent are “quiet”. Clientsthat are normally hundreds of milliseconds “away” from origin may nowfind themselves receiving answers more often from Hologram serverslocated more closely, driving down latency for the end-user.

Coordinated Updates For Online Presence

The teachings hereof can be applied to a variety of kinds of content,other than API content, and can support coordinated content updatesacross a content provider's online presence. By way of illustration,assume a CDN content provider wishes to provide a feed for “top news”throughout its online presence. The data for the “top news” content maybe realized in a document (e.g., XML document) that is taken up by thecontent provider's content management system for inclusion on a websitepage, that can be obtained by the content provider's mobile app fordisplay to end-users who are using the app, and/or is available via anAPI at “contentprovider.com/API/topnews” for other clients. Leveragingthe teachings hereof, a response from any of these systems (e.g., anhtml page from the web server, a mobile app response from the serverhandling the mobile app, and/or an API response) can be tagged with atoken for the ‘top news’ document. When that document is updated, thetoken is invalidated, resulting in each of the different responsesacross the online presence being invalidated from a caching perspective,and driving a coordinated real-time update.

Computer Based Implementation

The clients, servers, and other computer devices described herein may beimplemented with conventional computer systems, as modified by theteachings hereof, with the functional characteristics described aboverealized in special-purpose hardware, general-purpose hardwareconfigured by software stored therein for special purposes, or acombination thereof.

Software may include one or several discrete programs. A given functionmay comprise part of any given module, process, execution thread, orother such programming construct. Generalizing, each function describedabove may be implemented as computer code, namely, as a set of computerinstructions, executable in one or more microprocessors to provide aspecial purpose machine. The code may be executed using conventionalapparatus—such as a microprocessor in a computer, digital dataprocessing device, or other computing apparatus—as modified by theteachings hereof. In one embodiment, such software may be implemented ina programming language that runs in conjunction with a proxy on astandard Intel hardware platform running an operating system such asLinux. The functionality may be built into the proxy code, or it may beexecuted as an adjunct to that code.

While in some cases above a particular order of operations performed bycertain embodiments is set forth, it should be understood that suchorder is exemplary and that they may be performed in a different order,combined, or the like. Moreover, some of the functions may be combinedor shared in given instructions, program sequences, code portions, andthe like. References in the specification to a given embodiment indicatethat the embodiment described may include a particular feature,structure, or characteristic, but every embodiment may not necessarilyinclude the particular feature, structure, or characteristic.

FIG. 11 is a block diagram that illustrates hardware in a computersystem 1100 in which embodiments of the invention may be implemented.The computer system 1100 may be embodied in a client, server, personalcomputer, workstation, tablet computer, wireless device, mobile device,network device, router, hub, gateway, or other device.

Computer system 1100 includes a microprocessor 1104 coupled to bus 1101.In some systems, multiple microprocessor and/or microprocessor cores maybe employed. Computer system 1100 further includes a main memory 1110,such as a random access memory (RAM) or other storage device, coupled tothe bus 1101 for storing information and instructions to be executed bymicroprocessor 1104. A read only memory (ROM) 1108 is coupled to the bus1101 for storing information and instructions for microprocessor 1104.As another form of memory, a non-volatile storage device 1106, such as amagnetic disk, solid state memory (e.g., flash memory), or optical disk,is provided and coupled to bus 1101 for storing information andinstructions. Other application-specific integrated circuits (ASICs),field programmable gate arrays (FPGAs) or circuitry may be included inthe computer system 1100 to perform functions described herein.

Although the computer system 1100 is often managed remotely via acommunication interface 1116, for local administration purposes thesystem 1100 may have a peripheral interface 1112 communicatively couplescomputer system 1100 to a user display 1114 that displays the output ofsoftware executing on the computer system, and an input device 1115(e.g., a keyboard, mouse, trackpad, touchscreen) that communicates userinput and instructions to the computer system 1100. The peripheralinterface 1112 may include interface circuitry and logic for local busessuch as Universal Serial Bus (USB) or other communication links.

Computer system 1100 is coupled to a communication interface 1116 thatprovides a link between the system bus 1101 and an externalcommunication link. The communication interface 1116 provides a networklink 1118. The communication interface 1116 may represent an Ethernet orother network interface card (NIC), a wireless interface, modem, anoptical interface, or other kind of input/output interface.

Network link 1118 provides data communication through one or morenetworks to other devices. Such devices include other computer systemsthat are part of a local area network (LAN) 1126. Furthermore, thenetwork link 1118 provides a link, via an internet service provider(ISP) 1120, to the Internet 1122. In turn, the Internet 1122 may providea link to other computing systems such as a remote server 1130 and/or aremote client 1131. Network link 1118 and such networks may transmitdata using packet-switched, circuit-switched, or other data-transmissionapproaches.

In operation, the computer system 1100 may implement the functionalitydescribed herein as a result of the microprocessor executing code. Suchcode may be read from or stored on a non-transitory computer-readablemedium, such as memory 1110, ROM 1108, or storage device 1106. Otherforms of non-transitory computer-readable media include disks, tapes,magnetic media, CD-ROMs, optical media, RAM, PROM, EPROM, and EEPROM.Any other non-transitory computer-readable medium may be employed.Executing code may also be read from network link 1118 (e.g., followingstorage in an interface buffer, local memory, or other circuitry).

The client device may be a conventional desktop, laptop or otherInternet-accessible machine running a web browser or other renderingengine, but as mentioned above the client may also be a mobile device.Any wireless client device may be utilized, e.g., a cellphone, pager, apersonal digital assistant (PDA, e.g., with GPRS NIC), a mobile computerwith a smartphone client, tablet or the like. Other mobile devices inwhich the technique may be practiced include any access protocol-enabled device (e.g., iOS™-based device, an Android™-based device, othermobile-OS based device, or the like) that is capable of sending andreceiving data in a wireless manner using a wireless protocol. Typicalwireless protocols include: WiFi, GSM/GPRS, CDMA or WiMax. Theseprotocols implement the ISO/OSI Physical and Data Link layers (Layers 1& 2) upon which a traditional networking stack is built, complete withIP, TCP, SSL/TLS and HTTP. The WAP (wireless access protocol) alsoprovides a set of network communication layers (e.g., WDP, WTLS, WTP)and corresponding functionality used with GSM and CDMA wirelessnetworks, among others.

In a representative embodiment, the mobile device is a cellulartelephone that operates over GPRS (General Packet Radio Service), whichis a data technology for GSM networks. Generalizing, a mobile device asused herein is a 3G- (or next generation) compliant device that includesa subscriber identity module (SIM), which is a smart card that carriessubscriber-specific information, mobile equipment (e.g., radio andassociated signal processing devices), a man-machine interface (MMI),and one or more interfaces to external devices (e.g., computers, PDAs,and the like). The techniques disclosed herein are not limited for usewith a mobile device that uses a particular access protocol. The mobiledevice typically also has support for wireless local area network (WLAN)technologies, such as Wi-Fi. WLAN is based on IEEE 802.11 standards. Theteachings disclosed herein are not limited to any particular mode orapplication layer for mobile device communications.

It should be understood that the foregoing has presented certainembodiments of the invention that should not be construed as limiting.For example, certain language, syntax, and instructions have beenpresented above for illustrative purposes, and they should not beconstrued as limiting. It is contemplated that those skilled in the artwill recognize other possible implementations in view of this disclosureand in accordance with its scope and spirit. The appended claims definethe subject matter for which protection is sought.

It is noted that trademarks appearing herein are the property of theirrespective owners and used for identification and descriptive purposesonly, given the nature of the subject matter at issue, and not to implyendorsement or affiliation in any way.

1-28. (canceled)
 29. A method performed by a distributed systemcomprising a plurality of servers including a first, a second and athird server operable to communicate over one or more computer networks,the method comprising: at the first server: receiving a request forparticular content from one of a plurality of clients, the requestcomprising a domain name; sending the request for particular content tothe third server; in response to the request, receiving a message thatcomprises the particular content and one or more tokens distinct fromthe particular content; storing the particular content in a local cacheof the first server in association with the one or more tokens; sendinga subscription request to the third server, the subscription requestcomprising a request to receive invalidation messages for tokensassociated with the domain name over a subscription channel associatedwith the domain name; at the second server: receiving a write requestfrom any of the same and another one of the plurality of clients, thewrite request comprising the domain name; sending the write request tothe third server; receiving a response to the write request from thethird server; at the third server: sending the response to the writerequest to the second server; determining that the response to the writerequest is associated with a particular token; upon said determination,sending an invalidation message for the particular token to the firstserver, the invalidation message sent over the subscription channel forthe domain name; at the first server: receiving the invalidation messagefor the particular token from the third server, and upon said receipt,determining that the particular token is one of the one or more tokensassociated with the particular content, and based at least in part uponsaid determination, marking the particular content stored in the localcache as invalid; wherein each of the first, second, and third serverscomprise at least one microprocessor and memory storing computerinstructions for execution by the at least one microprocessor to performthe method as specified above.
 30. The method of claim 29, wherein atleast the first and second servers are two of a plurality of nodes in acontent delivery network.
 31. The method of claim 29, wherein the thirdserver communicates with an origin server to obtain the particularcontent and the response to the write request.
 32. The method of claim29, where the request for particular content comprises one or more of:(i) an HTTP request, and (ii) a request for service from an applicationprogrammer interface (API).
 33. The method of claim 29, wherein theinvalidation message comprises any of: an explicit assertion that theparticular token is invalid, and an implicit assertion that theparticular token is invalid.
 34. The method of claim 29, wherein theparticular token comprises a moniker and any of a serial number and atimestamp, and the invalidation message indicates that the token isinvalid because the invalidation message includes the moniker and any ofa different serial number and a different timestamp.
 35. A methodperformed by a distributed system comprising a plurality of serversincluding a first, a second and a third server operable to communicateover one or more computer networks, the method comprising: at the firstserver: receiving a request for particular content from one of aplurality of clients, the request comprising a domain name; sending therequest for particular content to an origin server; in response to therequest, receiving a message comprising the particular content and oneor more tokens distinct from the particular content; storing theparticular content in a local cache of the first server in associationwith one or more tokens; sending a subscription request to the originserver, the subscription request comprising a request to receiveinvalidation messages for tokens associated with the domain name over asubscription channel associated with the domain name; at the secondserver: receiving a write request from any of the same and another oneof the plurality of clients, the write request comprising the domainname; sending the write request to the origin server; receiving aresponse to the write request from the origin server; determining thatthe response to the write request includes a particular token; upon saiddetermination, sending a first invalidation message for the particulartoken to a third server; at the third server: receiving the firstinvalidation message and upon said receipt, sending to the first servera second invalidation message for the particular token, the secondinvalidation message sent over the subscription channel associated withthe domain name; at the first server: receiving the second invalidationmessage for the particular token from the third server, and upon saidreceipt, determining that the particular token is one of the one or moretokens, and based at least in part upon said determination, marking theparticular content stored in the local cache as invalid; wherein each ofthe first, second, and third servers comprises at least onemicroprocessor and memory storing computer instructions for execution bythe at least one microprocessor to perform the method as specifiedabove.
 36. The method of claim 35, wherein at least the first and secondservers are two of a plurality of nodes in a content delivery network.37. The method of claim 35, where the request for particular contentcomprises one or more of: (i) an HTTP request and (ii) a request forservice from an application programmer interface (API).
 38. The methodof claim 35, wherein the second invalidation message comprises any of:an explicit assertion that the particular token is invalid, and animplicit assertion that the particular token is invalid.
 39. The methodof claim 35, wherein the particular token comprises a moniker and any ofa serial number and a timestamp, and the second invalidation messageindicates that the particular token is invalid because the invalidationmessage includes the moniker and any of a different serial number and adifferent timestamp.
 40. A system comprising a plurality of serversoperable to communicate over one or more computer networks, the systemcomprising: a first server comprising at least one microprocessor andmemory storing computer instructions for execution by the at least onemicroprocessor, the computer instructions including: instructions forreceiving a request for particular content from one of a plurality ofclients, the request comprising a domain name; instructions for sendingthe request for particular content, the request being sent to an originserver; instructions for, in response to the request, receiving amessage comprising the particular content and one or more tokensdistinct from the particular content; instructions for storing theparticular content in a local cache of the first server in associationwith one or more tokens; instructions for sending a subscription requestto the origin server, the subscription request comprising a request toreceive invalidation messages for tokens associated with the domain nameover a subscription channel associated with the domain name; a secondserver comprising at least one microprocessor and memory storingcomputer instructions for execution by the at least one microprocessor,the computer instructions including: instructions for receiving a writerequest from any of the same and another one of the plurality ofclients, the write request comprising the domain name; instructions forsending the write request to the origin server; instructions forreceiving a response to the write request from the origin server;instructions for determining that the response to the write requestincludes a particular token; instructions for, upon said determination,sending a first invalidation message for the particular token to a thirdserver; the third server comprising at least one microprocessor andmemory storing computer instructions for execution by the at least onemicroprocessor, the computer instructions including: instructions forreceiving the first invalidation message and upon said receipt, sendinga second invalidation message for the particular token to the firstserver, the second invalidation message sent over the subscriptionchannel associated with the domain name; the first server's computerinstructions further including: instructions for receiving the secondinvalidation message for the particular token from the third server, andupon said receipt, determining that the particular token is one of theone or more tokens, and based at least in part upon said determination,marking the particular content stored in the local cache as invalid.